Tigera Extends Zero-Trust IT to Kubernetes Pod Level

Tigera has extended its ability to network Kubernetes clusters together to include the ability to assign identities to individual pods.

Utpal Bhatt, chief marketing officer for Tigera, said the cluster mesh capabilities that Tigera enables using open source Calico network virtualization software will make it easier to manage a number of tasks ranging from observability and disaster recovery to applying cybersecurity policies spanning multiple clusters.

Calico makes it possible to write federated policies in one cluster that reference pods in another cluster, and the same federated identities allow services to discover pods running in a remote cluster. On top of that, Calico provides a unified policy framework that works across bare metal servers, hosts, virtual machines and containers, so that a single set of policies can cover both legacy and modern IT environments.

At the same time, Calico supports the operational side of security by providing capabilities such as centralized login, a single point of control, log management, troubleshooting tools, storage management and compliance reporting. Calico can also encrypt pod-to-pod traffic in transit, which removes the assumption that the cluster network itself is trusted and is one building block of a zero-trust IT environment.

Finally, Calico provides visibility into service-to-service communication using Dynamic Service and Threat Graph visualizations that run natively on Kubernetes clusters.

While Kubernetes provides networking services to connect pods and namespaces within a single cluster, IT teams that want to network multiple Kubernetes clusters together need to implement some type of network overlay. Tigera has been making a case for its open source Calico software, originally developed more than six years ago, to create a data plane architecture that spans Linux and Windows and emerging technologies such as the extended Berkeley Packet Filter (eBPF), the in-kernel virtual machine that Calico can use as an alternative to its iptables data plane. The goal is to provide IT teams with an open source framework that enables them to consolidate network and security policy management across multiple platforms.

Exactly who manages networking and security within an IT organization appears to be evolving in the cloud-native era. As declarative frameworks such as Calico are employed, it becomes much simpler to integrate networking and security services within a larger DevOps workflow. That capability makes it possible to shift more responsibility for those services to DevOps teams within the context of a larger zero-trust approach to managing IT. Tigera also makes available a cloud-native application protection platform (CNAPP), a cloud service that leverages Calico to enable IT teams to achieve that goal.

Obviously, it’s still early days as far as the transition to zero-trust IT environments is concerned, but it’s clear that securing Kubernetes environments all the way down to the pod level is now a requirement. As defined by the National Institute of Standards and Technology (NIST) in Special Publication 800-207, zero trust is an “evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources.” As such, no implicit trust is granted to assets or users based solely on their physical or network location or on asset ownership.

Most cybersecurity professionals realize that’s not necessarily a new idea. Forrester Research analyst John Kindervag is credited with popularizing the term in 2010, but the concept itself can be traced back as far as 2004. The challenge and the opportunity now are finding the simplest way to achieve that goal with the least amount of disruption to DevOps workflows.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
